CVE-2026-5061 PUBLISHED

Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Assigner: HashiCorp
Reserved: 27.03.2026 Published: 12.05.2026 Updated: 12.05.2026

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.7

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	HashiCorp
Product	Tooling
Versions	Default: unaffected affected from 0.1.0 to 0.42.0 (excl.)

Credits

This issue was reported to HashiCorp by Mohamed Abdelaal (0xmrma).

References

https://discuss.hashicorp.com/t/hcsec-2026-12-consul-template-vulnerable-to-sandbox-path-bypass-in-file-helper-through-symlink-attack/77414

Problem Types

CWE-59: Improper Link Resolution Before File Access (Link Following) CWE

Impacts

CAPEC-132: Symlink Attack